Wrong binds configuration for dmix plugin causes segmentation fault in alsa

Fri Jan 22 16:06:41 CET 2021

alsa-project/alsa-lib issue #117 was opened from elara-leitstellentechnik:

On Debian buster I can get alsa to run into a segmentation fault with the following procedure:
Configure dmix with two channels (binds) for a Mono device. (I am not sure that this is reproducible with any mono device, I tested with a Jabra LINK 230):
```
~$ cat .asoundrc  
pcm."Jabra LINK 230" {  
       type dmix  
       ipc_key 1024  
       slave.pcm "hw:2,0"  
       bindings {  
              0 0  
             # The next line is the problematic line that triggers the segfault
              1 1  
       }  
}  
```
Then when playing any sound file with e.g. mplayer and making it use the dmix device the following happens:
```
$ mplayer -ao alsa:device="Jabra LINK 230" /usr/share/sounds/alsa/Front_Left.wav
MPlayer 1.3.0 (Debian), built with gcc-8 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing /usr/share/sounds/alsa/Front_Left.wav.
libavformat version 58.20.100 (external)
Mismatching header version 58.12.100
Audio only file format detected.
Load subtitles in /usr/share/sounds/alsa/
==========================================================================
Opening audio decoder: [pcm] Uncompressed PCM audio decoder
AUDIO: 48000 Hz, 1 ch, s16le, 768.0 kbit/100.00% (ratio: 96000->96000)
Selected audio codec: [pcm] afm: pcm (Uncompressed PCM)
==========================================================================
[AO_ALSA] alsa-lib: pcm_hw.c:1711:(snd_pcm_hw_open) open '/dev/snd/pcmC2D0p' failed (-77): File descriptor in bad state
AO: [alsa] 48000Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...

MPlayer interrupted by signal 11 in module: play_audio
- MPlayer crashed by bad usage of CPU/FPU/RAM.
  Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
  disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
 [ This binary of MPlayer in Debian is currently compiled with
   '--enable-debug'; the debugging symbols are in the package
   'mplayer-dbgsym'.]
```
I appreciate that configuring two bindings for a single-channel audio device is an error, but I am not sure that this justifies a segfault. 
Here is some more information I have been able to extract using gdb:

```
~$ gdb --args mplayer -ao alsa:device="Jabra LINK 230" /usr/share/sounds/alsa/Front_Left.wav
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mplayer...Reading symbols from /usr/lib/debug/.build-id/3a/9816e9d363979a4f76e6cb809a33dffda67d05.debug...done.
done.
(gdb) run
Starting program: /usr/bin/mplayer -ao alsa:device=Jabra\ LINK\ 230 /usr/share/sounds/alsa/Front_Left.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
MPlayer 1.3.0 (Debian), built with gcc-8 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing /usr/share/sounds/alsa/Front_Left.wav.
libavformat version 58.20.100 (external)
Mismatching header version 58.12.100
Audio only file format detected.
Load subtitles in /usr/share/sounds/alsa/
==========================================================================
Opening audio decoder: [pcm] Uncompressed PCM audio decoder
AUDIO: 48000 Hz, 1 ch, s16le, 768.0 kbit/100.00% (ratio: 96000->96000)
Selected audio codec: [pcm] afm: pcm (Uncompressed PCM)
==========================================================================
[AO_ALSA] alsa-lib: pcm_hw.c:1711:(snd_pcm_hw_open) open '/dev/snd/pcmC2D0p' failed (-77): File descriptor in bad state
AO: [alsa] 48000Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a09b76 in mix_areas_16_smp (size=4160473088, size at entry=17424, dst=0x555555aa9510, src=0xde020109, sum=0x21fe0f3c, dst_step=2, src_step=4, sum_step=8) at pcm_dmix_x86_64.h:48
48	pcm_dmix_x86_64.h: No such file or directory.
(gdb) where
#0  0x00007ffff7a09b76 in mix_areas_16_smp (size=4160473088, size at entry=17424, dst=0x555555aa9510, src=0xde020109, sum=0x21fe0f3c, dst_step=2, src_step=4, sum_step=8) at pcm_dmix_x86_64.h:48
#1  0x00007ffff7a0ba1c in mix_areas (size=17424, dst_ofs=576, src_ofs=0, dst_areas=0x555555a927f0, src_areas=0x7fffe88b3000, dmix=0x555555a929e0) at pcm_dmix.c:215
#2  snd_pcm_dmix_sync_area (pcm=pcm at entry=0x555555a94850) at pcm_dmix.c:382
#3  0x00007ffff7a0bdfa in snd_pcm_dmix_start (pcm=0x555555a94850) at pcm_dmix.c:619
#4  0x00007ffff79d8b4a in __snd_pcm_start (pcm=0x555555a94850, pcm=0x555555a94850) at pcm_local.h:434
#5  snd1_pcm_write_areas (pcm=pcm at entry=0x555555a94850, areas=areas at entry=0x7fffffffcfd0, offset=offset at entry=0, size=<optimized out>, size at entry=18000, func=func at entry=0x7ffff79e46c0 <snd_pcm_mmap_write_areas>) at pcm.c:7421
#6  0x00007ffff79e4b01 in snd_pcm_mmap_writei (pcm=0x555555a94850, buffer=<optimized out>, size=18000) at pcm_mmap.c:153
#7  0x00005555556242f8 in play (data=0x555555ac4f70, len=<optimized out>, flags=<optimized out>) at libao2/ao_alsa.c:812
#8  0x000055555560bbab in fill_audio_out_buffers () at mplayer.c:2212
#9  main (argc=<optimized out>, argv=<optimized out>) at mplayer.c:3794
(gdb) 

```
To me this looks like the segfault is triggered in pcm_dmix_x86_64.h:48 so I believe it is an alsa problem rather than a problem with mplayer.
I hope this makes sense. If I can support with further information please let me know.

Issue URL     : https://github.com/alsa-project/alsa-lib/issues/117
Repository URL: https://github.com/alsa-project/alsa-lib